How to use the letsencrypt.plugins.common function in letsencrypt

To help you get started, we’ve selected a few letsencrypt examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github certbot / certbot / letsencrypt / plugins / standalone / authenticator.py View on Github external
import Crypto.Random
import OpenSSL.crypto
import OpenSSL.SSL
import zope.component
import zope.interface

from acme import challenges

from letsencrypt import achallenges
from letsencrypt import interfaces

from letsencrypt.plugins import common


class StandaloneAuthenticator(common.Plugin):
    # pylint: disable=too-many-instance-attributes
    """Standalone authenticator.

    This authenticator creates its own ephemeral TCP listener on the
    specified port in order to respond to incoming DVSNI challenges from
    the certificate authority. Therefore, it does not rely on any
    existing server program.

    """
    zope.interface.implements(interfaces.IAuthenticator)
    zope.interface.classProvides(interfaces.IPluginFactory)

    description = "Standalone Authenticator"

    def __init__(self, *args, **kwargs):
        super(StandaloneAuthenticator, self).__init__(*args, **kwargs)
github certbot / certbot / letsencrypt / plugins / standalone / authenticator.py View on Github external
import zope.component
import zope.interface

from acme import challenges

from letsencrypt import achallenges
from letsencrypt import crypto_util
from letsencrypt import interfaces

from letsencrypt.plugins import common


logger = logging.getLogger(__name__)


class StandaloneAuthenticator(common.Plugin):
    # pylint: disable=too-many-instance-attributes
    """Standalone authenticator.

    This authenticator creates its own ephemeral TCP listener on the
    specified port in order to respond to incoming DVSNI challenges from
    the certificate authority. Therefore, it does not rely on any
    existing server program.

    :param OpenSSL.crypto.PKey private_key: DVSNI challenge certificate
        key.
    :param sni_names: Mapping from z_domain (`bytes`) to PEM-encoded
        certificate (`bytes`).

    """
    zope.interface.implements(interfaces.IAuthenticator)
    zope.interface.classProvides(interfaces.IPluginFactory)
github certbot / certbot / letsencrypt-apache / letsencrypt_apache / tls_sni_01.py View on Github external
"""A class that performs TLS-SNI-01 challenges for Apache"""

import os
import logging

from letsencrypt.plugins import common

from letsencrypt_apache import obj
from letsencrypt_apache import parser

logger = logging.getLogger(__name__)

class ApacheTlsSni01(common.TLSSNI01):
    """Class that performs TLS-SNI-01 challenges within the Apache configurator

    :ivar configurator: ApacheConfigurator object
    :type configurator: :class:`~apache.configurator.ApacheConfigurator`

    :ivar list achalls: Annotated TLS-SNI-01
        (`.KeyAuthorizationAnnotatedChallenge`) challenges.

    :param list indices: Meant to hold indices of challenges in a
        larger array. ApacheTlsSni01 is capable of solving many challenges
        at once which causes an indexing issue within ApacheConfigurator
        who must return all responses in order.  Imagine ApacheConfigurator
        maintaining state about where all of the http-01 Challenges,
        TLS-SNI-01 Challenges belong in the response array.  This is an
        optional utility.
github certbot / certbot / letsencrypt-apache / letsencrypt_apache / configurator.py View on Github external
def get_name_from_ip(self, addr):  # pylint: disable=no-self-use
        """Returns a reverse dns name if available.

        :param addr: IP Address
        :type addr: ~.common.Addr

        :returns: name or empty string if name cannot be determined
        :rtype: str

        """
        # If it isn't a private IP, do a reverse DNS lookup
        if not common.private_ips_regex.match(addr.get_addr()):
            try:
                socket.inet_aton(addr.get_addr())
                return socket.gethostbyaddr(addr.get_addr())[0]
            except (socket.error, socket.herror, socket.timeout):
                pass

        return ""
github certbot / certbot / letsencrypt-apache / letsencrypt_apache / configurator.py View on Github external
:returns: All ServerNames, ServerAliases, and reverse DNS entries for
                  virtual host addresses
        :rtype: set

        """
        all_names = set()

        vhost_macro = []

        for vhost in self.vhosts:
            all_names.update(vhost.get_names())
            if vhost.modmacro:
                vhost_macro.append(vhost.filep)

            for addr in vhost.addrs:
                if common.hostname_regex.match(addr.get_addr()):
                    all_names.add(addr.get_addr())
                else:
                    name = self.get_name_from_ip(addr)
                    if name:
                        all_names.add(name)

        if len(vhost_macro) > 0:
            zope.component.getUtility(interfaces.IDisplay).notification(
                "Apache mod_macro seems to be in use in file(s):\n{0}"
                "\n\nUnfortunately mod_macro is not yet supported".format(
                    "\n  ".join(vhost_macro)))

        return all_names
github certbot / certbot / letsencrypt / plugins / webroot.py View on Github external
import os
import stat

import zope.interface

from acme import challenges

from letsencrypt import errors
from letsencrypt import interfaces
from letsencrypt.plugins import common


logger = logging.getLogger(__name__)


class Authenticator(common.Plugin):
    """Webroot Authenticator."""
    zope.interface.implements(interfaces.IAuthenticator)
    zope.interface.classProvides(interfaces.IPluginFactory)

    description = "Webroot Authenticator"

    MORE_INFO = """\
Authenticator plugin that performs http-01 challenge by saving
necessary validation resources to appropriate paths on the file
system. It expects that there is some other HTTP server configured
to serve all files under specified web root ({0})."""

    def more_info(self):  # pylint: disable=missing-docstring,no-self-use
        return self.MORE_INFO.format(self.conf("path"))

    @classmethod
github certbot / certbot / letsencrypt / plugins / standalone.py View on Github external
unrecognized = [name for name in challs
                    if name not in challenges.Challenge.TYPES]
    if unrecognized:
        raise argparse.ArgumentTypeError(
            "Unrecognized challenges: {0}".format(", ".join(unrecognized)))

    choices = set(chall.typ for chall in SUPPORTED_CHALLENGES)
    if not set(challs).issubset(choices):
        raise argparse.ArgumentTypeError(
            "Plugin does not support the following (valid) "
            "challenges: {0}".format(", ".join(set(challs) - choices)))

    return data


class Authenticator(common.Plugin):
    """Standalone Authenticator.

    This authenticator creates its own ephemeral TCP listener on the
    necessary port in order to respond to incoming tls-sni-01 and http-01
    challenges from the certificate authority. Therefore, it does not
    rely on any existing server program.
    """
    zope.interface.implements(interfaces.IAuthenticator)
    zope.interface.classProvides(interfaces.IPluginFactory)

    description = "Automatically use a temporary webserver"

    def __init__(self, *args, **kwargs):
        super(Authenticator, self).__init__(*args, **kwargs)

        # one self-signed key for all tls-sni-01 certificates